DH Compare Main Topic

DhCmp Syntax


DhCmp has two modes:

Mode 1

dhcmp [-d] [-v] [-?] dh_dump1.txt dh_dump2.txt

This mode is useful for finding leaks. It compares two dumps from Dh.exe, another Resource Kit tool.

Dh_dump1.txt and dh_dump2.txt are obtained before and after some test scenario. DhCmp matches the backtraces from each file and calculates the increase in bytes allocated for each backtrace. These are then displayed in descending order of leak size. The first line of each backtrace output shows the size of the leak in bytes, followed by the (last-first) difference in parentheses. Leaks of size 0 are not shown.

Mode 2

dhcmp [-d] [-v] [-?] dh_dump.txt

For each allocation backtrace, the number of bytes allocated is attributed to each callsite (each line of the backtrace). The bytes allocated per callsite are summed, and the callsites are then displayed in descending order of bytes allocated. This is useful for finding a leak that is reached via many different codepaths.

ntdll!RtlAllocateHeap@12 appears first when analyzing DH dumps of Csrss.exe, as all allocations will have gone through that routine. Similarly, ProcessApiRequest is very prominent, since it appears in most allocation backtraces. Hence the useful thing to do with Mode 2 outputs is to use DhCmp to compare two of them:

dhcmp dh_dump1.txt > tmp1.txt
dhcmp dh_dump2.txt > tmp2.txt
dhcmp tmp1.txt tmp2.txt

The output of the last command line shows the differences.
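
The two computations described above, as an added Python sketch that is not part of the original documentation and is not DhCmp's own code. The tuple-based dump representation, the byte counts and the frame names AllocWindow, CopyString, OpenHandle and CloseHandle are constructed assumptions; this is not the real Dh.exe file format.

```python
from collections import Counter

HEAP, API = "ntdll!RtlAllocateHeap@12", "ProcessApiRequest"

# Constructed sample snapshots: (bytes_allocated, backtrace), innermost frame first.
BEFORE = [
    (0x400, (HEAP, "AllocWindow", API)),
    (0x200, (HEAP, "CopyString", "OpenHandle", API)),
    (0x100, (HEAP, "CopyString", "CloseHandle", API)),
]
AFTER = [
    (0x400, (HEAP, "AllocWindow", API)),                 # steady state
    (0x600, (HEAP, "CopyString", "OpenHandle", API)),    # grew by 0x400
    (0x300, (HEAP, "CopyString", "CloseHandle", API)),   # grew by 0x200
]

def _ranked(first, last):
    """Non-zero (last - first) differences, largest first."""
    diff = {k: last[k] - first[k] for k in set(first) | set(last)}
    return sorted(((d, k) for k, d in diff.items() if d),
                  key=lambda item: (-item[0], item[1]))

def leaks_by_backtrace(before, after):
    """Mode 1 idea: match whole backtraces and report the growth of each."""
    first, last = Counter(), Counter()
    for size, trace in before:
        first[trace] += size
    for size, trace in after:
        last[trace] += size
    return _ranked(first, last)

def bytes_by_callsite(dump):
    """Mode 2 idea: attribute a backtrace's bytes to every callsite in it."""
    totals = Counter()
    for size, trace in dump:
        for frame in trace:
            totals[frame] += size
    return totals

def callsite_growth(before, after):
    """Compare two Mode 2 summaries, as the three-command sequence does."""
    return _ranked(bytes_by_callsite(before), bytes_by_callsite(after))

if __name__ == "__main__":
    for frame, total in bytes_by_callsite(AFTER).most_common():
        print(f"single snapshot  {total:#6x}  {frame}")
    for delta, frame in callsite_growth(BEFORE, AFTER):
        print(f"growth           {delta:#6x}  {frame}")
```

In this sample the backtrace comparison reports two separate leaks, while the callsite comparison drops the steady-state AllocWindow path and shows CopyString carrying the full growth across both codepaths.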

For Both Modes

-d
displays output in decimal. The default is hexadecimal.
-v
displays verbose output, including the actual backtraces as well as the summary information. Verbose output is useful only in Mode 1.
-?
specifies the alert frequency in seconds.